From 4cb3633ed73429b0e553ce48d94911f61dd6e769 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Thu, 16 Dec 2010 20:31:13 -0800
Subject: [PATCH] Fix two SIGSEGV bugs in request interception.

When intercepting requests, properly ReleaseStringUTFChars for mimeType
and encoding after bringing over from Java.  Also, when finishing an
intercepted request that failed, construct a valid WebResponse.

Change-Id: I2990df2108a8fdf45c103512a8b9a30f4d6992ce
---
 WebKit/android/WebCoreSupport/UrlInterceptResponse.cpp | 12 ++++++------
 WebKit/android/WebCoreSupport/WebRequest.cpp           | 13 ++++++++++---
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/WebKit/android/WebCoreSupport/UrlInterceptResponse.cpp b/WebKit/android/WebCoreSupport/UrlInterceptResponse.cpp
index 112660948..875b22277 100644
--- a/WebKit/android/WebCoreSupport/UrlInterceptResponse.cpp
+++ b/WebKit/android/WebCoreSupport/UrlInterceptResponse.cpp
@@ -102,14 +102,14 @@ UrlInterceptResponse::UrlInterceptResponse(JNIEnv* env, jobject response) {
     jstring encodingStr = (jstring) env->GetObjectField(response, encoding);
 
     if (mimeStr) {
-        m_mimeType.assign(env->GetStringUTFChars(mimeStr, NULL),
-                          env->GetStringUTFLength(mimeStr));
-        env->ReleaseStringUTFChars(mimeStr, NULL);
+        const char* s = env->GetStringUTFChars(mimeStr, NULL);
+        m_mimeType.assign(s, env->GetStringUTFLength(mimeStr));
+        env->ReleaseStringUTFChars(mimeStr, s);
     }
     if (encodingStr) {
-        m_encoding.assign(env->GetStringUTFChars(encodingStr, NULL),
-                          env->GetStringUTFLength(encodingStr));
-        env->ReleaseStringUTFChars(encodingStr, NULL);
+        const char* s = env->GetStringUTFChars(encodingStr, NULL);
+        m_encoding.assign(s, env->GetStringUTFLength(encodingStr));
+        env->ReleaseStringUTFChars(encodingStr, s);
     }
 
     env->DeleteLocalRef(javaResponse);
diff --git a/WebKit/android/WebCoreSupport/WebRequest.cpp b/WebKit/android/WebCoreSupport/WebRequest.cpp
index cd496df72..da8412608 100644
--- a/WebKit/android/WebCoreSupport/WebRequest.cpp
+++ b/WebKit/android/WebCoreSupport/WebRequest.cpp
@@ -120,9 +120,16 @@ void WebRequest::finish(bool success)
         m_urlLoader->maybeCallOnMainThread(NewRunnableMethod(
                 m_urlLoader.get(), &WebUrlLoaderClient::didFinishLoading));
     } else {
-        OwnPtr<WebResponse> webResponse(new WebResponse(m_request.get()));
-        m_urlLoader->maybeCallOnMainThread(NewRunnableMethod(
-                m_urlLoader.get(), &WebUrlLoaderClient::didFail, webResponse.release()));
+        if (m_interceptResponse == NULL) {
+            OwnPtr<WebResponse> webResponse(new WebResponse(m_request.get()));
+            m_urlLoader->maybeCallOnMainThread(NewRunnableMethod(
+                    m_urlLoader.get(), &WebUrlLoaderClient::didFail, webResponse.release()));
+        } else {
+            OwnPtr<WebResponse> webResponse(new WebResponse(m_url, m_interceptResponse->mimeType(), 0,
+                    m_interceptResponse->encoding(), m_interceptResponse->status()));
+            m_urlLoader->maybeCallOnMainThread(NewRunnableMethod(
+                    m_urlLoader.get(), &WebUrlLoaderClient::didFail, webResponse.release()));
+        }
     }
     m_networkBuffer = 0;
     m_request = 0;
-- 
2.11.0